Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

SONICWALL-FIREWALL-TRAP-MIB MIBS&OIDS not available

sukur55sukur55 Newbie ✭
in High End Firewalls

Hello dear community, we are planning to create nagios checks for monitoring SonicWall firewall High Availability status. the only related SNMP information I have found is amoung FIREWALL-TRAP-MIB and but not getting any response with these MIBS/OIDS. I know base OID for tree is like "1.3.6.1.4.1.8741.1.1" but it returns nothing with snmpwalk , so nothing available under this tree. Anyone can explain reason?

Category: High End Firewalls
Reply

Answers

  • ArkwrightArkwright Cybersecurity Overlord ✭✭✭

    Because it's not implemented, unfortunately. An OID for trapping won't necessarily work for polling.

    We monitor HA state transitions by polling the OID for the serial number of the virtual IP and then raise an alert if it changes since last poll. It's not perfect but it lets us know when something has happened.

    You can also configure logging system to send emails on "firewall has transitioned to Active" events.

    You will be glad to see that you find out the IP addresses of 168 unconfigured syslog servers, so there's that :D

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.1 = IpAddress: 0.0.0.0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.2 = IpAddress: 0.0.0.0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.3 = IpAddress: 0.0.0.0

    SONICWALL-FIREWALL-IP-STATISTICS-MIB::sonicSyslogServerAddr.4 = IpAddress: 0.0.0.0

    etc

  • sukur55sukur55 Newbie ✭

    We monitor HA state transitions by polling the OID for the serial number of the virtual IP and then raise an alert if it changes since last poll. It's not perfect but it lets us know when something has happened

    this part is interesting probably I can also use it? can you explain in detail a bit.

  • ArkwrightArkwright Cybersecurity Overlord ✭✭✭
    edited November 2022

    Not really much more detail to give, tbh. Monitor value of

    SNWL-COMMON-MIB::snwlSysSerialNumber.0

    If it ever changes, then there was an HA transition.

    Obviously, would be great if there was an OID you could poll that explicitly says if it's active or standby, but there isn't.

  • RedesRedes Newbie ✭

    Reading these posts, I take the opportunity to consult them since they have active-active configuration, if they know the command to pass via cli from one node to another. Thanks partners!

  • ArkwrightArkwright Cybersecurity Overlord ✭✭✭

    I should clarify my previous reply,

    Monitor value of SNWL-COMMON-MIB::snwlSysSerialNumber.0

    on the virtual IP address, not the individual management IPs!

  • GMPGMP Newbie ✭

    I have implemented the suggestion, above, for a NSa3650 pair.

    snmpget -c password -v 2c IPofSonicWall iso.3.6.1.4.1.8741.2.1.1.2.0

    iso.3.6.1.4.1.8741.2.1.1.2.0 = STRING: "A1B2C3D4E5F6"

    The snmpget command, above returns the serial number of the SonicWall. The response is shown after the query. I compare the string to the serial number of the primary and secondary device to know which is active.

    The algorithm was found empirically. I did a snmpwalk of the device and noticed that the serial number string changed when the secondary device became the active firewall.

Sign In or Register to comment.